Parents don’t forget the training wheels

Parental Controls have become an important toolkit in keeping track of what our kids do on their mobile devices. Kids are receiving tablets as early as toddlers and phones as early as 10 years of age. It has become essential in putting on training wheels in the form of a screen time, safe calling, safe browsing monitoring app. This also adds peice of mind for parents.

Features have continued to evolve over the years from basic screen time limits, web filtering and blocking apps to more elaborate features that help parents monitor their child’s communications for inappropriate or abusive behavior via text messages or social media platforms.

Kids are kids and will try to tamper

One feature that evolved as a key requirement was parents wanted an app that didn’t involve the typical uninstall steps to remove an app on their Android child devices. It was also clear that the ability for our app (or any app) of protecting itself against easy removal was essential. Our approach is an option (highly recommended of course) that is enabled by the parent/guardian with their full consent and understanding of what will occur if their child attempts to remove the monitoring app. On Android child devices, this was possible by protecting the access to the Device Administrator permission. But Google’s “robots” (literally robots and human contractors) decided that kids don’t need this hurdle;

Check out our blog post: Is Google Evil? Our unjustified removal from Google Play.

Yet Google’s own product management team who created Family Link, a competing parental control app, knows this as well. Google’s Family Link app does protect itself from tampering by kids. In order to uninstall Family Link on the child device, you must enter the parent’s group password and remove the child’s account from the group. Only then is the child’s device free of any restrictions preventing the easy removal of the app. Boomerang Parental Control has used the same approach for years and now we are fighting to get back on Google Play. Who else sees the blatant double standard here?

Update August 14th 2020: Boomerang is available again on Google Play but we had to remove the prevent uninstall protection and are analyzing other potential approaches that Google has shared with us (none of our competitors have been flagged for this yet).

How do apps protect themselves on Android?

With Family Link, Google is able to leverage their own Mobile Device Management features, not available to third parties like us for the purposes of parental controls (as per update above, we are investigating how we can get approved for our purposes but the work involved will be substantial!). Google’s approach results in a greyed out Deactivate button on the Device Administrator permission across all Android devices (see screenshot below). This means the child cannot use the typical methods to uninstall the app from their Android device. A parent password is required. So how is this different than Boomerang Parental Control?

Boomerang Parental Control offered the same app uninstall protection but it is enabled optionally by the parent/guardian. For Samsung users, thanks to Samsung Knox, we continue to be able to offer an identical experience as Family Link (greyed Deactivate button). For non-Samsung devices, we were using the Accessibility permission which allowed us to monitor the specific screen where the Device Administrator screen for Boomerang Parental Control could be detected. Once detected, our service would block it with a full screen overlay to inform the child/user that the area they attempted to access is blocked (example below).

Google did flag us for violating the policies of using the Accessibility API. Again, this approach is used by many apps for different purposes. We have always been upfront on why we require this permission – nothing deceptive was ever done, we are not a bad actor. For users with privacy concerns in how we leverage the Accessibility permission, we only monitor key areas that we require to provide a safe and secure environment. Another unique example of the use of the Accessibility permission, is with embedded browsers. Embedded browsers are screens inside apps such as Gmail or social media apps like Instagram that open a web link inside their app without opening the default browser. Allowing an embedded browser activity results in an unfiltered web browsing experience for kids – something we are passionate about helping families browse safely from all of the online filth easily accessible via a Google Search. Chrome doesn’t filter the internet by default – we provide this service and peace of mind for parents.

P.S. as a third party parental control app, we cannot protect any of our service on iOS devices. Lots of history on this in our other blog post Letter to users about Apple parental controls. 

What can parents do today?

Android is a fairly open platform and allows for apps to be installed from outside of the Google Play store. Sometimes referred to, “installs from unknown sources”, this is a safe and alternative way to install apps that are not available on Google Play. Think of this as if you are downloading a piece of software from a reputable website on your Macbook or Windows PC. In our case, we offer a version for Google Play and one for our website from the same development environment.

Parents can still get our fully featured and version with prevent removal on our download page.

Key features still available on our website version: 

✅ Call safety features

✅ Text Message safety features

✅ Prevent Uninstall protection